On Mon, 07 Nov 2016, Thorsten Eggert wrote:
> Hi Alex,
> I would call my self an experienced programmer, I also ran into trouble with
> this and debugged more time than it's worth...
You should not in any kind use this security flawed feature, however:
> How can I get the maintainer of this
Hi Alex,
I would call my self an experienced programmer, I also ran into trouble
with this and debugged more time than it's worth...
How can I get the maintainer of this package?
greetings
Thorsten
I too am experiencing big problems with this change. It blocked all my
debian 8 upgrade.
It doesn't make sense to remove a feature because it can be used the wrong
way
--
Diego Roccia
diego.roccia (at) gmail (dot) com
On Tue, 10 May 2016, Falk Brockerhoff wrote:
> Alex,
>
> I understand that you aren’t happy as the maintainer of this package.
> Unfortunately I don’t have any coding skills, so that I’m not able to support
> you. Sorry for this.
>
> But I’m a user of this package and really do need the
Alex,
I understand that you aren’t happy as the maintainer of this package.
Unfortunately I don’t have any coding skills, so that I’m not able to support
you. Sorry for this.
But I’m a user of this package and really do need the „dont_blame_nrpe“. Why
can’t you just put it back in? It was
On Sat, 23 Apr 2016, Jan Tomasek wrote:
> Hi,
>
> I'm another one who spend some time examining why after upgrade is nrpe
> not working.
>
> I've read whole thread about this Bug#756479 and can't find any
> reference to description how to to exploit nagios-nrpe-server with
Hi,
I'm another one who spend some time examining why after upgrade is nrpe
not working.
I've read whole thread about this Bug#756479 and can't find any
reference to description how to to exploit nagios-nrpe-server with
dont_blame_nrpe=0
allow_bash_command_substitution=0
I've been searching
On Fri, 22 Jan 2016, Fabien COELHO wrote:
>
> Hello Alexander,
>
>
> ISTM that you did not answer about my point that the current configuration
> file is misleading, as the 'dont_blame_nrpe' option is ignored but there is
> no warning about that fact in the file nor in the log. If it had been
On Fri, 22 Jan 2016, Fabien COELHO wrote:
>
> Sigh. I've lost 1 hour on this "improvement".
>
> Please note that there is still a bug: the installed "/etc/nagios/nrpe.cfg"
> configuration file now contains a option which is ignored, but AFAICS there
> is no warning about that fact in the file
Sigh. I've lost 1 hour on this "improvement".
Please note that there is still a bug: the installed
"/etc/nagios/nrpe.cfg" configuration file now contains a option which is
ignored, but AFAICS there is no warning about that fact in the file nor in
the log when starting nrpe, so people will
Hello Alexander,
ISTM that you did not answer about my point that the current configuration
file is misleading, as the 'dont_blame_nrpe' option is ignored but there
is no warning about that fact in the file nor in the log. If it had been
the case, I would have lost much less time.
The
On Tue, 01 Sep 2015, David Rosenstrauch wrote:
> On 09/01/2015 10:58 AM, Alexander Wirt wrote:
> >On Tue, 01 Sep 2015, David Rosenstrauch wrote:
> >
> >>So what is the recommended workaround for users who are currently relying on
> >>this functionality?
> >either get your environment fixed, or
So what is the recommended workaround for users who are currently
relying on this functionality?
On Tue, 01 Sep 2015, David Rosenstrauch wrote:
> So what is the recommended workaround for users who are currently relying on
> this functionality?
either get your environment fixed, or build your own package.
Alex
On 09/01/2015 10:58 AM, Alexander Wirt wrote:
On Tue, 01 Sep 2015, David Rosenstrauch wrote:
So what is the recommended workaround for users who are currently relying on
this functionality?
either get your environment fixed, or build your own package.
Alex
Not sure what you mean by "get
On 09/01/2015 11:15 AM, Alexander Wirt wrote:
On Tue, 01 Sep 2015, David Rosenstrauch wrote:
On 09/01/2015 10:58 AM, Alexander Wirt wrote:
On Tue, 01 Sep 2015, David Rosenstrauch wrote:
So what is the recommended workaround for users who are currently relying on
this functionality?
either
On Tue, 01 Sep 2015, David Rosenstrauch wrote:
> On 09/01/2015 11:15 AM, Alexander Wirt wrote:
> >On Tue, 01 Sep 2015, David Rosenstrauch wrote:
> >
> >>On 09/01/2015 10:58 AM, Alexander Wirt wrote:
> >>>On Tue, 01 Sep 2015, David Rosenstrauch wrote:
> >>>
> So what is the recommended
On Sun, 12 Jul 2015, Patrik Schindler wrote:
Hello,
following the discussion, I see no other option for me than recompile nrpe
with command args enabled and set it to hold.
About the arguments flowing between the paticipants of this bug report: I
don't know about prior discussions.
Hello,
following the discussion, I see no other option for me than recompile nrpe with
command args enabled and set it to hold.
About the arguments flowing between the paticipants of this bug report: I don't
know about prior discussions. Most Debian users don't know about these. And I
think
Thanks for the deprecation warning in previous releases... Oh yeah there
wasn't one. nor is there anything to say this has been disabled in the
default config file in fact it's still there with a big fat warning about
the dangers of turning it on. I agree it's a security issue especially if
used
On Wed, 27 Aug 2014 06:24:35 -0700 Alexander Wirt formo...@debian.org
wrote:
I tend to disagree. And if you think the removal of --enable-command-args
wasn't thought about a long time with several discussions you are wrong.
So did you now completely remove it because i am not able to enable
On Sun, 04 Jan 2015, Thomas Rechberger wrote:
On Wed, 27 Aug 2014 06:24:35 -0700 Alexander Wirt formo...@debian.org
wrote:
I tend to disagree. And if you think the removal of --enable-command-args
wasn't thought about a long time with several discussions you are wrong.
So did you now
C'mon. Did you actually think nobody would complain about this?
For us, nagios-nrpe-server is unusable without --enable-command-args.
You haven't made nagios-nrpe-server more secure, you've just limited
the options of the users.
Regards,
Oskar
--
To UNSUBSCRIBE, email to
On Wed, 27 Aug 2014, Oskar Liljeblad wrote:
C'mon. Did you actually think nobody would complain about this?
For us, nagios-nrpe-server is unusable without --enable-command-args.
You haven't made nagios-nrpe-server more secure, you've just limited
the options of the users.
I tend to disagree.
Dear god. Yeah, I see, it just happened. It just happened that ignorants and
fools like you
just got that privilege to be part of such an important software project like
Debian is. Un-
fortunately. This mentality of yours and similar is even more dangerous than a
payed “feel-
On Sun, 03 Aug 2014, Michal Zelinka wrote:
Dear god. Yeah, I see, it just happened. It just happened that ignorants and
fools like you
just got that privilege to be part of such an important software project like
Debian is. Un-
fortunately. This mentality of yours and similar is even more
Dear Maintainer,
i know, that you compiled without -enable-command-args and you wrote in the
NEWS.Debian file, that you disabled it because there are security problems and
that this feature is often used wrong.
Some people need this feature to manage monitoring parameters central. Your
On Thu, 31 Jul 2014, rausc...@buxtehude.debian.org wrote:
Dear Maintainer,
i know, that you compiled without -enable-command-args and you wrote in the
NEWS.Debian file, that you disabled it because there are security problems
and that this feature is often used wrong.
Some people need
So you solve ignorant users by disabling a feature of the software
package. That would leave the choice between recompiling every time
there is an update to fix the cripled package, stay at the 2.13 level or
ditch Debian after 18 years.
On 30/07/14 13:57, Alexander Wirt wrote:
tag 756479 wontfix
On Thu, 31 Jul 2014, Jan Huijsmans wrote:
So you solve ignorant users by disabling a feature of the software
package. That would leave the choice between recompiling every time
there is an update to fix the cripled package, stay at the 2.13 level or
ditch Debian after 18 years.
As said, feel
Package: nagios-nrpe-server
Version: 2.15-1
Severity: important
Dear Maintainer,
*** Reporter, please consider answering these questions, where appropriate ***
* What led up to the situation?
Upgrade from 2.13-3.1 to 2.15-1
* What exactly did you do (or not do) that was effective (or
tag 756479 wontfix
thanks
On Wed, 30 Jul 2014, Jan Huijsmans wrote:
Package: nagios-nrpe-server
Version: 2.15-1
Severity: important
Dear Maintainer,
*** Reporter, please consider answering these questions, where appropriate ***
* What led up to the situation?
Upgrade from
32 matches
Mail list logo